Add database_clone_grant_ownership macro#32
Merged
jonhopper-dataengineers merged 1 commit intoJun 23, 2026
Conversation
Contributor
Reviewer's GuideIntroduces a new dbt macro Sequence diagram for database_clone_grant_ownership macro executionsequenceDiagram
actor User
participant dbt
participant database_clone_grant_ownership
participant Snowflake
User->>dbt: dbt run-operation database_clone_grant_ownership
dbt->>database_clone_grant_ownership: database_clone_grant_ownership(destination_database, new_owner_role)
database_clone_grant_ownership->>Snowflake: GRANT OWNERSHIP ON DATABASE destination_database TO ROLE new_owner_role REVOKE CURRENT GRANTS;
database_clone_grant_ownership->>Snowflake: run_query(list_schemas_query)
Snowflake-->>database_clone_grant_ownership: schemata_list
loop schemata_list
database_clone_grant_ownership->>Snowflake: GRANT OWNERSHIP ON SCHEMA destination_database.schema_name TO ROLE new_owner_role REVOKE CURRENT GRANTS;
database_clone_grant_ownership->>Snowflake: GRANT OWNERSHIP ON ALL TABLES/VIEWS AND OTHER OBJECTS IN SCHEMA
end
File-Level Changes
Tips and commandsInteracting with Sourcery
Customizing Your ExperienceAccess your dashboard to:
Getting Help
|
Contributor
There was a problem hiding this comment.
Hey - I've found 1 issue, and left some high level feedback:
- The macro description and changelog mention
COPY CURRENT GRANTS, but the SQL usesREVOKE CURRENT GRANTSon all GRANT OWNERSHIP statements; consider aligning the behavior and documentation or explicitly calling out that existing grants will be revoked. - The macro builds identifiers like
{{ destination_database }}.{{ schema_name }}without quoting; if callers ever pass mixed‑case or special‑character names, this will fail, so consider usingadapter.quote/api.Relationor otherwise quoting identifiers consistently. run_query(list_schemas_query)is executed unconditionally and the firststatementcall usesfetch_result=Trueeven though the result is never used; you can simplify by only callingrun_queryinside anif executeblock and dropping unusedfetch_resultto avoid unnecessary work.
Prompt for AI Agents
Please address the comments from this code review:
## Overall Comments
- The macro description and changelog mention `COPY CURRENT GRANTS`, but the SQL uses `REVOKE CURRENT GRANTS` on all GRANT OWNERSHIP statements; consider aligning the behavior and documentation or explicitly calling out that existing grants will be revoked.
- The macro builds identifiers like `{{ destination_database }}.{{ schema_name }}` without quoting; if callers ever pass mixed‑case or special‑character names, this will fail, so consider using `adapter.quote`/`api.Relation` or otherwise quoting identifiers consistently.
- `run_query(list_schemas_query)` is executed unconditionally and the first `statement` call uses `fetch_result=True` even though the result is never used; you can simplify by only calling `run_query` inside an `if execute` block and dropping unused `fetch_result` to avoid unnecessary work.
## Individual Comments
### Comment 1
<location path="macros/database/database_clone_grant_ownership.sql" line_range="19" />
<code_context>
+ WHERE schema_name != 'INFORMATION_SCHEMA'
+ {% endset %}
+
+ {% set results = run_query(list_schemas_query) %}
+
+ {% if execute %}
</code_context>
<issue_to_address>
**issue (bug_risk):** Guard the `run_query` call with `if execute` to avoid parse-time failures.
In dbt, `run_query` can’t be used during parse-only phases (e.g. `dbt compile`, docs generation, some adapter metadata calls). Here it’s always executed, and only the *use* of `results` is wrapped in `if execute`. Please also guard the `run_query` call with `if execute`, and in the `else` branch initialize `results`/`schemata_list` to safe defaults so parse-only commands don’t fail.
</issue_to_address>Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.
Adds a new macro to grant ownership of a cloned database and all its schemas, tables, and views to a specified role. Includes macro documentation, README update, changelog entry, and version bump to 1.0.6. .... Generated with [Cortex Code](https://docs.snowflake.com/en/user-guide/cortex-code/cortex-code) Co-Authored-By: Cortex Code <noreply@snowflake.com>
a507b7f to
770e6ef
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
database_clone_grant_ownershipmacro to grant ownership of a cloned database and all its schemas, tables, and views to a specified roledatabase.ymlandREADME.mdTest plan
dbt compileto verify macro parses without errorsdbt run-operation database_clone_grant_ownership --args '{"destination_database": "<test_db>", "new_owner_role": "<test_role>"}'against a test clone.... Generated with Cortex Code
Summary by Sourcery
Add a new macro to transfer ownership of cloned databases and update project metadata.
New Features:
Enhancements: